Some notes about Android Security

Android Security

I had the time to take a long look on Android security. I found some Android Anti-Virus programs which aren’t much different from their Windows counterparts – they work by scanning APKs for known files using a signature database. This can easily get by-passed using encryption, polymorphic code, and similar methods. Needless to say, none of them will detect a new Android exploit/virus trying to take over the system.

Regarding Android exploits, I found out Google had fixed version 2.2.1 so running in-app exploits doesn’t work anymore (I thought its the use of /dev/ptmx which enables applications to connect to shell, but apparently it’s not since no fix relating to this has been issued, yet using /dev/ptmx doen’t work on 2.2.1 as on 2.2). Running exploits thru ADB shell, one can still obtain root (even with the new ADB binary found on 2.3) although many known exploits doesn’t work any more (rage, exploiting hotplug). I also found one troubling Linux exploit from which poweroff my Android device. Although atm this attack is only a denial-of-service, one might ‘upgrade’ it for privilege escalation. To summarize ADB Android exploit status:

2.2 – adb shell exploitable, in-app exploitable
2.2.1 – adb shell exploitable, in-app not exploitable
2.3 – adb shell semi-exploitable, in-app not exploitable

So we can see the progress Google had made, but it’s not perfect yet.
Also, Google is pushing a silent update to prevent in-app exploits in current version (someone told me it’s not even for 2.2.1 which points to 2.2 as the candidate). I guess we’ll know shortly.

Some important links to watch:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s